From f25e815a19cf8ae2d8a5d4b4279aba9a7365be8d Mon Sep 17 00:00:00 2001 From: Simon Rozman Date: Fri, 16 Jan 2026 14:35:16 +0100 Subject: [PATCH] Warn usage of (v)sprintf (v3) Until all projects using this are reviewed, please keep this warning in place. Signed-off-by: Simon Rozman --- include/WinStd/COM.h | 5 ++++- include/WinStd/Common.h | 11 ++++++++++- include/WinStd/Win.h | 5 ++++- 3 files changed, 18 insertions(+), 3 deletions(-) diff --git a/include/WinStd/COM.h b/include/WinStd/COM.h index e5445679..91c54422 100644 --- a/include/WinStd/COM.h +++ b/include/WinStd/COM.h @@ -69,8 +69,11 @@ namespace winstd if (FormatMessageW(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, 0, num, dwLanguageId, wstr, NULL)) { // Stock Windows error messages contain CRLF. Well... Trim all the trailing white space. wstr.erase(wstr.find_last_not_of(L" \t\n\r\f\v") + 1); - } else + } + else { +#pragma warning(suppress: 4996) // Checked to comply. sprintf(wstr, num >= 0x10000 ? L"Error 0x%X" : L"Error %u", num); + } std::string str; WideCharToMultiByte(CP_UTF8, 0, wstr, str, NULL, NULL); return str; diff --git a/include/WinStd/Common.h b/include/WinStd/Common.h index 4f1a72f8..a892333c 100644 --- a/include/WinStd/Common.h +++ b/include/WinStd/Common.h @@ -330,6 +330,7 @@ static int vsprintf(_Inout_ std::basic_string &str, _In_z /// \returns Number of characters in result. /// template +[[deprecated("Behavior of this function changed from append to assign. Please, review call usage.")]] static int sprintf(_Inout_ std::basic_string<_Elem, _Traits, _Ax> &str, _In_z_ _Printf_format_string_ const _Elem *format, ...) { va_list arg; @@ -1283,6 +1284,7 @@ namespace winstd } } } +#pragma warning(suppress: 4996) // Checked to comply. sprintf(sResult, "msg %u", nId); return sResult; } @@ -1322,6 +1324,7 @@ namespace winstd } } } +#pragma warning(suppress: 4996) // Checked to comply. sprintf(sResult, "msg %u", nId); return sResult; } @@ -1467,8 +1470,11 @@ namespace winstd if (FormatMessageW(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, 0, num, dwLanguageId, wstr, NULL)) { // Stock Windows error messages contain CRLF. Well... Trim all the trailing white space. wstr.erase(wstr.find_last_not_of(L" \t\n\r\f\v") + 1); - } else + } + else { +#pragma warning(suppress: 4996) // Checked to comply. sprintf(wstr, num >= 0x10000 ? L"Error 0x%X" : L"Error %u", num); + } std::string str; WideCharToMultiByte(CP_UTF8, 0, wstr, str, NULL, NULL); return str; @@ -1522,6 +1528,7 @@ namespace winstd va_list arg; va_start(arg, nFormatID); +#pragma warning(suppress: 4996) // Checked to comply. vsprintf(*this, format, arg); va_end(arg); } @@ -1540,6 +1547,7 @@ namespace winstd va_list arg; va_start(arg, nFormatID); +#pragma warning(suppress: 4996) // Checked to comply. vsprintf(*this, format, arg); va_end(arg); } @@ -1709,6 +1717,7 @@ namespace winstd /// basic_string_guid(_In_ const GUID &guid, _In_z_ _Printf_format_string_ const _Elem *format) { +#pragma warning(suppress: 4996) // Checked to comply. sprintf<_Elem, _Traits, _Ax>(*this, format, guid.Data1, guid.Data2, diff --git a/include/WinStd/Win.h b/include/WinStd/Win.h index 94f237f3..2b174bbd 100644 --- a/include/WinStd/Win.h +++ b/include/WinStd/Win.h @@ -2104,8 +2104,11 @@ namespace winstd if (ntdll.valid() && FormatMessageW(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS, (HMODULE)ntdll, num, dwLanguageId, wstr, NULL)) { // Stock Windows error messages contain CRLF. Well... Trim all the trailing white space. wstr.erase(wstr.find_last_not_of(L" \t\n\r\f\v") + 1); - } else + } + else { +#pragma warning(suppress: 4996) // Checked to comply. sprintf(wstr, num >= 0x10000 ? L"Error 0x%X" : L"Error %u", num); + } std::string str; WideCharToMultiByte(CP_UTF8, 0, wstr, str, NULL, NULL); return str;